back to article Solaris deposed as US drone-ware, replaced by Linux administration

Hey, Linux fans: a high-profile, colossal, global outfit is about to dump a proprietary operating system and replace it with Linux in a very, very, demanding application that literally involves life and death situations. We've known this for a while actually, since 2012 to be precise, as that is when the Naval Air Station at …

COMMENTS

This topic is closed for new posts.
  1. Eradicate all BB entrants

    They probably realised ....

    ..... that while open source may have some risks it is not as great as the risk of Larry raising the prices once the system was entrenched. Either that or installing it on a non GUI system was too much hassle even with Mobaxterm.

    1. Anonymous Coward
      Anonymous Coward

      Re: They probably realised ....

      As a long term Solaris fan ...

      I couldn't agree with you more!

    2. Anonymous Coward
      Anonymous Coward

      Re: They probably realised ....

      Yep it must have been the price. Linux is after all one of the few OSs with more known security holes than Solaris...

      1. Anonymous Coward
        Anonymous Coward

        Re: They probably realised ....

        Hi TheVogon, now you've opened with the standard Linux security holes spiel, I'm guessing next up is the link to the irrelevant Zone-H Survey in 5..4...3...2...1

        1. Anonymous Coward
          Anonymous Coward

          Re: They probably realised ....

          Wrong guess. Here instead are some supporting stats:

          http://secunia.com/advisories/product/12192/

          http://secunia.com/advisories/product/4813/

          1. Anonymous Coward
            Anonymous Coward

            Re: They probably realised ....

            So... you're again cherry picking results that you think support your case, comparing one distribution of Linux from one vendor with Solaris? Good to see you've changed the material, if not your form. Of course, you did notice this little snippet further down the page... right?

            "PLEASE NOTE: The statistics provided should NOT be used to compare the overall security of products against one another. It is IMPORTANT to understand what the below comments mean when using the statistics, especially when using the statistics to compare the vulnerability aspects of different products."

            Here's another set of Secunia advisories that demonstrate the joys of cherry picking:

            http://secunia.com/advisories/product/1173/?task=statistics_2014

            So... should I just use the link above to make spurious confirmation bias-based claims that all versions of Windows Server are equally vulnerable and unpatched to a similar degree over time? Decisions, decisions...

            1. Anonymous Coward
              Anonymous Coward

              Re: They probably realised ....

              Let me see:

              648 vulnerabilities in Windows Server 2003

              1,697 vulnerabilities in Solaris 10

              4,244 vulnerabilities in SUSE 10.

              Your link just further backs up the point being made - That 'Linux is one of the few OSs with more known security holes than Solaris'. The only other one I know of being OS-X.

              1. Anonymous Coward
                Anonymous Coward

                Re: They probably realised ....

                Instead of simply looking up a web page and triumphantly throwing out numbers, you might want to try looking at examples of the actual updates. Last time I looked, IBM Java 6 was not Linux.

                Definition: "A Linux distribution (often called distro for short) is an operating system built on top of the Linux kernel."

                This means that every single piece of software included in the SuSe 10 distribution is included in the advisories. That can, and probably would include everything from /usr/games/fortune to an office suite and won't be same as other distros.

                Since you instead prefer to think of Linux as a single piece of software, instead of the collection of several hundred (often specialised) distributions it actually is, let's play that game with Microsoft. There are 1069 pieces of Microsoft software listed on Secunia. I'll take 2003 Server as a convenient choice which with to coat Redmond's entire product line with a layer of bullshit and say that this must mean n thousand security vulnerabilities affecting all versions of 'Windows', even if the vulnerabily is actually in Office, or some other vendor's software, but hey it's installed on Windows, and it's all just Microsoft isn't it? Never mind that recent versions are a huge step up in the security stakes if properly maintained, deployed and managed.

                This is approximately your logic.

              2. Charles Manning

                Security stats are all meaningless

                These security stats mean nothing, for any OS, when we're dealing with embedded/dedicated systems.

                They don't run a whole LAMP stack or the whole of Ubuntu/whatever. No email. No Twitter.

                They just run kernel + custom software.

  2. thomas k.
    Thumb Up

    Wow, that'd make a great T-shirt!

    Death from above*

    *now powered by Linux

    1. Scroticus Canis
      Black Helicopters

      Re: Wow, that'd make a great T-shirt!

      Love it. But will they now have the "Intel on the inside" logo on the hardware itself or more appropriately "Powered by ARM"?

      I always thought Solaris was a killer opsys, but little did I know....

      1. RISC OS

        Re: Wow, that'd make a great T-shirt!

        "Powered by" is so old school. Why not nick one of the old risc os coding groups names? They were always creative when it came to mentioning ARM:

        Grievous Bodily 'ARM

        ARMageddon

        ...

      2. Anonymous Coward
        Anonymous Coward

        Re: Wow, that'd make a great T-shirt!

        Powered by ASM (air to surface missile) more like.

    2. Bill Neal

      Re: Wow, that'd make a great T-shirt!

      Death as a Service? in the cloud?

    3. Anonymous Coward
      Linux

      Re: Wow, that'd make a great T-shirt!

      "Death from above*

      *now powered by Linux"

      At least penguins will be safe. Its bound to have a prime directive not to harm them!

    4. Euripides Pants
      Facepalm

      Re: Death from above

      But penguins can't fly!

      1. Volker Hett

        Re: Death from above

        Given enough thrust they'll fly just fine!

  3. Magnus_Pym

    I've missed something here

    I'm I read somewhere that someone developing driver-less cars said they had to write their own OS because a PC or server based OS might go off and do housekeeping chores at inopportune moments. A pilot-less military helicopter however appears to be OK with a general purpose database app on top of a general purpose OS. Is that right?

    1. Ralph B

      Re: I've missed something here

      Google's self driving cars are allegedly running on modified Ubuntu Linux. So there you are then. (A working version of the video linked to in that previous linked article can be found here.)

      1. Piro Silver badge

        Re: I've missed something here

        I'm not sure a general purpose OS is suitable for this, I'd rather see a true real time OS that's coded for the task, and doesn't have attack vectors because the code never existed.

        But of course, that would require a lot of effort.

        1. Anonymous Coward
          Anonymous Coward

          Re: I've missed something here

          "I'm not sure a general purpose OS is suitable for this"

          Maybe, but just because they started off with general purpose Linux doesn't mean thats what they'll end up with. From a security point of view any sensible designer is going to strip off all code that isn't needed, and the bit that's left ought to be there only because it is needed.

          However, before Linux fans break out the champagne, I'd note that the US have yet to rationalise their many different air forces, armies and drone units (including at least six separate major air operations). The vast amount of overlap, duplication, infighting and waste, when combined with a budget squeeze that has barely started make this consolidation inevitable.

          It doesn't follow that the USNAS will be the lead developer for pilotless choppers - could be the marines, could be the air force, could be the army, could be a new combined defence development unit. Until the consolidation has been completed there's no guarantees as to what hardware or software will prevail.

          1. Anonymous Coward
            Anonymous Coward

            Re: I've missed something here

            " From a security point of view any sensible designer is going to strip off all code that isn't needed, and the bit that's left ought to be there only because it is needed."

            You've obviously never worked with any of the dev types I have then: pretty much all of them are of the "install everything and we'll write the app to run as admin" school of design.

          2. Tom 7

            Re: I've missed something here

            You appear to have missed the little box that you tick to make the kernel real time.

        2. Steve Graham

          Re: I've missed something here

          A general-purpose OS isn't suitable for ATMs, or voting machines, or industrial controllers, or medical equipment either, but people still do it.

          1. Androgynous Cupboard Silver badge

            Re: I've missed something here

            Why not? What's so special about an ATM, or a voting machine? I could sketch the logic on the back of an envelope and neither require real-time anything. As for the others, with appropriate hardware interface boards to ensure real-time stuff happens in real time, same question?

            1. JEDIDIAH
              Linux

              Re: I've missed something here

              > Why not? What's so special about an ATM, or a voting machine?

              It's something we actually care about. It doesn't really fit well into the typical corporate mentality of cutting corners until you are left with a circle.

              Software development for those devices should look nothing like the usual nonsense that goes on with consumer products and business systems.

        3. Lyndon Hills 1

          Re: I've missed something here

          "coded for the task, and doesn't have attack vectors"

          I think attack vectors will be important for efficient death-dealing.

    2. Anonymous Coward
      Anonymous Coward

      Re: I've missed something here

      Yes but imagine the possibilities for dealing with spammers.

    3. John Bailey

      Re: I've missed something here

      No.

    4. Anonymous Dutch Coward

      Controlling how? Re: I've missed something here

      @Magnus Pym: you're right that the on board flight control system should probably be real time. The question the article raised to me is what is meant by "software controlling the drone" - perhaps it's remote control software+GUI/a flight management tool etc that's used on the ground. As you're dealing with probably powerful computers and delays/latencies due to radio links anyway, having a normal OS instead of real time looks like a good design choice.

    5. dlc.usa
      Boffin

      Re: I've missed something here

      Perhaps they're using the RT patches (http://en.wikipedia.org/wiki/RTLinux). That's what I would do, anyway.

    6. NP-Hardass

      Re: I've missed something here

      I think the term that you are looking for is a Real Time OS (RTOS)

    7. Volker Hett

      Re: I've missed something here

      Although you can get Linux to near realtime, I don't think the drone itself depends on it, Linux is probably for the backend.

  4. Pen-y-gors

    Publishing the code?

    Isn't it a requirement of using Linux that the code modifications must be published? So we'll have the US Merchants of Death (tm) developing code which Al Quaeda can use in their drones. Neat.

    1. fandom

      Re: Publishing the code?

      No, the requirement is that source code has to be distributed to the clients that buy the binaries.

      Not that the modifications of the kernel will tell much about flying the drone.

      1. P. Lee

        Re: Publishing the code?

        Not just those who purchase but anyone who receives the bjnaries. I wonder if the missiles are linux powered too?. "I could give you the source code, but then I'd have to kill you."

        1. Yet Another Anonymous coward Silver badge

          Re: Publishing the code?

          Actually I think it's more "I could kill you, but then I'd have to give you the source code,." !

          1. gosuckit

            Re: Publishing the code?

            If you're dead there is no reason to give you the source code! They will go out with a bang..........

        2. Vic

          Re: Publishing the code?

          Not just those who purchase but anyone who receives the bjnaries.

          If you're distributing under Section 3(b) - as most commercial entities do - it's any third party. Whether or not they've received the binaries is irrelevant.

          Vic.

    2. Anonymous Coward
      Stop

      Re: Publishing the code?

      "Isn't it a requirement of using Linux that the code modifications must be published? "

      GPLv2 was published in June, 1991...after so many years, people still come with this dumb quote? NO, the source must be PROVIDED with the binaries DISTRIBUTED. Since the recipient is only one entity, they are the only one entitled for it.

      "So we'll have the US Merchants of Death (tm) developing code which Al Quaeda can use in their drones. Neat."

      Al Quaeda use Windows on their desktops and laptops. The only drones they use are made with paper...

    3. This post has been deleted by its author

    4. Peter Gathercole Silver badge

      Re: Publishing the code?

      It would only be any code that is covered by GPL that has been modified that would have to be included anyway.

      Most of the application development tools and library runtimes are published under LGPL, so it is perfectly possible to add the controlling layer as an application that sits on top of Linux linking to LGPL code without having to provide the source to anybody, even the people who buy the binaries.

      If you are extending it comment about modified code to the previous comments about stripping Linux down to stop housekeeping, the stuff that is likely to affect performance is all in user space, and can be configured out by modifying the runtime configuration. Similarly, any parts of the kernel that are not required can be stripped out at kernel build time by configuration. The configuration files for the kernel build and runtime daemon configuration are not covered by GPL, so would not have to be published.

      This perception that anything that runs on Linux has to be covered by the full GPL is just crap, and the sooner more people understand this, the more likely it is we will see commercial applications appear to run on Linux, something that is definitely required for Linux to be perceived as a viable full alternative to other operating systems. The opportunity for Linux to take the desktop is past (unless it's Android!), but I'm still hoping that it can achieve sufficient traction that it does not die as a desktop OS.

      1. Yet Another Anonymous coward Silver badge

        Re: Publishing the code?

        You still have to make the offer to provide the source of the LGPL libs you used when you distribute the app binary.

        Does dropping a bomb on somebody count as distribution? Would having the GPL text on the side of the bomb be sufficient?

      2. Vic

        Re: Publishing the code?

        It would only be any code that is covered by GPL that has been modified that would have to be included anyway.

        This is not true.

        If you *distribute* GPLed code (which is not the case here), you either ship the source with the binaries or you accompany it with a written offer, valid for at least 3 years, to supply source to any third party

        Whether or not you have modified the code is entirely irrelevant - go and read the GPL. Section 3 is the one you want.

        The configuration files for the kernel build and runtime daemon configuration are not covered by GPL, so would not have to be published.

        From Section 3 of GPLv2 :-

        " For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable."

        Vic.

  5. Andy Roid McUser
    Black Helicopters

    one minor flaw

    Actually what happened was that they gave the commandment to a junior to go and get the source code to iOS. After being laughed out of the room by both Apple and Cisco, the junior, using his initiative, got the closest thing he could... cOS . Not realizing that this is in fact the Chinese state funded Linux mobile OS. It was free after all and they gave him the source code wrapped up in a nice auto-loading USB key.

    The Chinese now have a fleet of remote controlled Death Machines sat on US soil ready for activation as an incentive for the good people of USA to pay back all that money they borrowed.

    I for one welcome our Chinese................

    1. Anonymous Coward
      Anonymous Coward

      Re: one minor flaw

      sounds like you should return to your basement home and hourly reading of /.

      1. Andy Roid McUser

        Re: one minor flaw

        AC lighten up , it's a joke and there is never a requirement to make things personal. It's a giant neon sign of insecurity.

        1. Anonymous Dutch Coward
          Pint

          Re: one minor flaw

          Didn't particularly like the joke... (a bit too elaborate) but that's taste for you (IOW that's my problem, not yours). Totally agreed with your point, Andy - have an upvote ;)

  6. frank ly

    Can anyone help me here?

    I'm trying to set up a cron job that disables the launch of a Hellfire missile if an 'arm' confirmation is not received within 100ms of the initial 'weapons enable' command. This was working fine until I installed the proprietary Nvidia drivers for my FLIR display. Before anyone asks, I have installed the latest version of the combat-calc libraries.There was a post from SuperTrooper on the forum last week that dealt with cron and task schedule interference but I didn't bookmark it.

    1. Number6

      Re: Can anyone help me here?

      Personally I'd use at and a highly obfuscated perl script (if that isn't a tautology) to execute the command after 100ms if it wasn't cancelled by something else first.

      1. John Gamble
        Joke

        Re: Can anyone help me here?

        That's the problem with perl newbies, always trying to code from scratch when a perfectly good CPAN module is available. Like Acme::Boom..

  7. cookieMonster Silver badge
    Mushroom

    easy install

    apt-get install APKWS

    1. Anonymous Coward
      Anonymous Coward

      Re: easy install

      sudo apt-get install APKWS

      Reading package lists... Done

      Building dependency tree

      Reading state information... Done

      E: Unable to locate package APKWS

      tried it - did not work :( shame cos I was really looking forward to controlling a real life game plane....

      can you send me your sources.list :)

  8. codejunky Silver badge
    Joke

    Damn

    I was so hoping they would move to windows. Then they could deliver the blue screen of death

    1. Anonymous Coward
      Anonymous Coward

      Re: Damn

      why when we can deliver kernel panics instead?

      1. codejunky Silver badge
        Joke

        Re: Damn

        "why when we can deliver kernel panics instead?"

        Nooo. They will be fighting Russians so when the drones are shot out of the sky it is the Colonel panics!

        1. Androgynous Cupboard Silver badge

          Re: Damn

          <inevitable>

          It's General Failure you want to watch out for.

          </inevitable>

    2. Anonymous Coward
      Anonymous Coward

      Re: Damn

      Perhaps they thought delivering Ghost Processes was more appropriate?

    3. Anonymous Coward
      Anonymous Coward

      Re: Damn

      "I was so hoping they would move to windows. Then they could deliver the blue screen of death"

      It wouldn't be the first time

    4. Hi Wreck
      Mushroom

      Re: Damn

      It's been done already. Windows for warships, complete with blue screen of death, for the missle cruiser which had to be towed back to port.

  9. Anonymous Coward
    Anonymous Coward

    meh

    http://www.sunfreeware.com/programlistintel11.html

    looks like solaris consists of lots of open source code that makes it a closed source product..

    A bit like LDAP VS AD

    Use open source to keep up with what people want then slate it. Is Solaris the new windows ?

  10. Anonymous Coward
    Anonymous Coward

    But, but, but..

    .. I thought penguins don't fly?

    As for a real time OS, given that Blackberry has gone the QNX route, maybe it could just have a BB10 for brains..

    1. John G Imrie

      Re: But, but, but..

      You need to watch https://www.youtube.com/watch?v=9dfWzp7rYR4 from the BBC

  11. Anonymous Coward
    Anonymous Coward

    My worry is the admins

    The Linux code is ok - the developers know their stuff more or less.

    The main problem with Linux is the insecure, paranoid, fanatical, basement-dwelling users.

    I'm not happy one of these Linusers will be responsible for upkeep.

    1. Jamie Jones Silver badge

      Re: My worry is the admins

      Obvious troll is... Etc.

      1. Destroy All Monsters Silver badge
        Trollface

        Re: My worry is the admins

        Hush! Just put him on the President's Personal Kill-List (updated every Wednesday!)

    2. Hans 1
      Windows

      Re: My worry is the admins

      > The main problem with Windows is the insecure, fanatical, window cleaning admins.

      Fixed that ;-)

      PS: Window cleaners cannot be paranoid or they would do something else for a living.

  12. Lars Silver badge
    Linux

    Not surprised

    Not surprised Linux was the choice here, nor surprised by the remains of the FUD by MS still around. First of all there is kernel space and user space and the software to the Northrop Grumman MQ-8 is most likely in user space, and that is theirs and only theirs, be that in the drone or on the ground or both. For instance if you have, say a router, probably running Linux then you will find in the instructions a text telling you where to find the kernel source or just the version number of the kernel. There was a time when some big companies, like Cisco tried to cheat but those things seem to be OK to day.

    And also, I can tweak a Linux kernel to my hearts delight, it's only if I start to deliver it as a product that I have to show my tweaks to the kernel. As far as I understand Google is not forced to revel what they do to the kernel as they use it only for themselves (GPL2).

    I used Solaris and other *nix versions like HP-UX, Aix, SCO, For-Pro for some 15 years. All acceptable, all sightly different but good. No Linux then but that has changed in favor of Linux a lot since then.

    The thing to remember here is that there is more power behind the development of Linux than behind any other *nix version, with a question mark for iOS.

    Somebody pointed out that when you compile a Linux kernel you simply leave out all the stuff your kernel does not need, that, of course, is an advantage with a compilable kernel. I did it once just for fun, but the reason I mention this is that there is still a bit left of the FUD that you have to do it, you don't.

    The real time question mentioned in previous comments is very interesting too, lots of that on the web to read about. Traditionally *nix and real time are mutually exclusive. *nix systems have a "democratic" scheduler not very good at interrupts regarding processes. (and I know there are those who can explain this better). Anyway, things have changed here too. If you look at the traditional real time providers they have, more or less, all moved to Linux. It is possible to deal with the real time demands on top of the Linux kernel, as some do, and real time features have been added to the kernel for many years, faster processors have also helped.

    The only thing that would surprised me is, if I actually knew how largely Linux is used to day. Its use is growing all the time, and why not, it's just a fact.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not surprised

      > Traditionally *nix and real time are mutually exclusive. *nix systems have a > "democratic" scheduler not very good at interrupts regarding processes.

      http://www.redhat.com/products/mrg/realtime/

      1. Volker Hett

        Re: Not surprised

        traditionally Linux is not a *nix and its pretty new on the market with just a little over two decades ;)

  13. Number6
    Coat

    The advantage of having a Linux app is that if a drone crashes in Afghanistan and is recovered by the bad guys, if they're running Windows machines, they won't be able to take advantage of what they've captured.

  14. Valeyard

    Am I remembering wrong..

    Didn't I read somewhere that linux shouldn't be used for military purposes where it could be used to kill someone? as part of some sort of ethical clause in the license?

    I'll have to google that when I get home, maybe i imagined it

    1. Valeyard

      Re: Am I remembering wrong..

      Christ. 3 thumbs down with nary a reply

      you delicate little puffins

    2. Vic

      Re: Am I remembering wrong..

      Didn't I read somewhere that linux shouldn't be used for military purposes where it could be used to kill someone? as part of some sort of ethical clause in the license?

      Not somewhere authoritative.

      The GPL has an explicit clause (Section 6) to prevent any such field-of-use restrictions:

      " You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

      maybe i imagined it

      It's one of the memes that pops up with alarming regularity. It has no basis in fact, nor has it ever had.

      Vic.

    3. Phil O'Sophical Silver badge
      Mushroom

      Re: Am I remembering wrong..

      In the Sun days, the SunOS/Solaris EULA had a clause forbidding its use in nuclear control situations.

      Maybe they've upgraded the drones...

This topic is closed for new posts.

Other stories you might like